xloader | 196f6fa715f727b281d42097e63b4780a366626bf1171b44c9e05ca25af6916a

General

Target

196f6fa715f727b281d42097e63b4780a366626bf1171b44c9e05ca25af6916a
Size

164KB
MD5

6bc6e0008d5278c3598806fa890d89ca
SHA1

da941da689a79f99b635a803d734959c502154ab
SHA256

196f6fa715f727b281d42097e63b4780a366626bf1171b44c9e05ca25af6916a
SHA512

172d0103e8ef74e5c34e13e1b873b9ece05502a0956aa8296b8b75d0f638861b976495ad2737aaf8d70a893c3d90c06a026f356db5f56fc95ba31f3443c77a42
SSDEEP

3072:1JLOJEL22zL4xW4MOJJTFZbTNKXIA5oCeCcFi2Fm93zFlp:z3T8bMO7ZZbTNIIAO8mFm93J

Score

10^/10

rat n00q xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

n00q

Decoy

ewoledu.com

enerlogistic.com

aaron123.xyz

fortimob.com

carrota.guru

tenuitskaffe.quest

cheffumeur.com

threemee-pictures.com

bltfzqc.com

coronarycoach.com

micerbeats.com

ourtoytime.com

mdhousevalues.com

rapibest.com

group-place.com

alstartnpasumo3.xyz

annaandrose.com

artartartstore.com

lokal-sabang.com

clelavie.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
196f6fa715f727b281d42097e63b4780a366626bf1171b44c9e05ca25af6916a

Files

196f6fa715f727b281d42097e63b4780a366626bf1171b44c9e05ca25af6916a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB